Last week a Malaysian man was charged with hacking into the Federal Reserve Bank of Cleveland’s computer systems and stealing more than 400,000 credit and debit card numbers. Later, IDG News reported that the Fed said he only broke into a test Fed system and that the Fed doesn’t process card numbers, so the card data couldn’t have been stolen there, nor was any sensitive information stolen during the hack.
Whatever the case, it does remind me, and probably many of you, that banks are not subject to PCI enforcement. Try to find a PCI-related deadline for card-issuing banks on the Visa or MasterCard websites and you will come up noticeably short.
I remember moderating a panel at a Federal Reserve Bank conference about two and a half years ago, with the card brands and major U.S. merchants present. A treasurer at a top global merchant was noticeably irked when he asked the Visa rep on my panel when he could get a list of PCI-compliant bank card issuers. The Visa panelist deflected the question.
It’s one of those parts of PCI enforcement that demonstrates the lack of a level playing field across banks, merchants, and merchant service providers. And it’s too esoteric an issue for Congress and the federal regulators to take on right now. They do seem to be making headway in breaking the secret circle and decision-making process that dictates interchange fees, which should give merchants more power when it comes to payments. It would be nice if the security part of the card payment food chain equation were fair as well, but don’t hold your breath.